Midtrans/midtrans-php

Midtrans CardToken not Available on PHP

benyaminl opened this issue · 1 comments

I want to ask about v2/token: why is it only available on node-js/js? Can it also be part of this midtrans-php package?

Refer to https://api-docs.midtrans.com/#get-token
https://github.com/Midtrans/midtrans-nodejs-client/blob/master/examples/coreApi/coreApiCreditCardExample.js#L36-L51

Or I'm missing the method on this Midtrans class. Thank you

*I know we can do it via CURL, but it would be great if it's available out of the box. Thank you :)

Hi @benyaminl, it was intentional / by-design.
The Get Card Token API call requires card-data (which is sensitive information). If it is implemented in the PHP library, it means the card-data needs to be sent to the merchant PHP backend in order to be processed.

Handling sensitive card-data is not recommended without proper security, audit & certification like a PCI-DSS certificate. Regular merchants don't meet such conditions, and if they handle card-data, it is a very high security risk. Most PHP library users are using shared PHP hosting, which is very risky. So we don't encourage users to do the Get Card Token API call from a PHP backend. Please use the security-safe frontend method to do that, which is provided in the /example folder of this library, or the doc you mentioned above. That is to ensure card-data is never transmitted to the merchant's backend, and goes directly from the customer to Midtrans.

We may add this in the future, but we need to consider the security risk.

Thanks.
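
The backend side of the flow described in the reply above, as an added example that is not part of the thread or of the midtrans-php library: a guard that refuses any request carrying card data and builds a charge payload from the frontend-issued token only. The function names, the forbidden field list and the payload shape are assumptions made for illustration.

```php
<?php
// Added example: merchant backend accepts a card token only, never raw card data.
// Field names and the charge payload shape are assumptions for illustration.

// Luhn check: true when the value is a plausible card number (PAN).
function looks_like_pan(string $value): bool {
    $digits = preg_replace('/[\s-]/', '', $value);
    if (!preg_match('/^\d{13,19}$/', $digits)) return false;
    $sum = 0;
    foreach (str_split(strrev($digits)) as $i => $d) {
        $d = (int) $d;
        if ($i % 2 === 1) { $d *= 2; if ($d > 9) $d -= 9; }
        $sum += $d;
    }
    return $sum % 10 === 0;
}

// Reject requests that carry card data; return a token-only charge payload.
function build_charge_params(array $input): array {
    $forbidden = ['card_number', 'card_cvv', 'card_exp_month', 'card_exp_year'];
    array_walk_recursive($input, function ($value, $key) use ($forbidden) {
        if (in_array($key, $forbidden, true) || (is_string($value) && looks_like_pan($value))) {
            throw new InvalidArgumentException('Card data must not reach this backend');
        }
    });
    $token = $input['token_id'] ?? '';
    if (!is_string($token) || $token === '') {
        throw new InvalidArgumentException('token_id is required');
    }
    return [
        'payment_type' => 'credit_card',
        'transaction_details' => [
            'order_id' => (string) ($input['order_id'] ?? ''),
            'gross_amount' => (int) ($input['gross_amount'] ?? 0),
        ],
        'credit_card' => ['token_id' => $token, 'authentication' => true],
    ];
}

// Constructed sample requests (4111 1111 1111 1111 is a common test card number).
$ok  = ['token_id' => 'constructed-token-id', 'order_id' => 'order-101', 'gross_amount' => 10000];
$bad = ['order_id' => 'order-102', 'gross_amount' => 10000, 'note' => '4111 1111 1111 1111'];

print_r(build_charge_params($ok)); // token-only payload for the charge request
try {
    build_charge_params($bad);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The Luhn scan can flag a long all-digit string that is not a card number, so identifiers such as order IDs should not be 13 to 19 bare digits if this guard is used.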